What does the role-based access control in the Cisco Application Policy Infrastructure Controller provide?
A. RBAC is not supported in Cisco ACL
B. File system separation
C. The distributed database
D. Per-tenant admin separation
D not B
Cisco ACI permits tenant users to modify the parameters and configuration of the ACI fabric that they own and control. They can also read statistics and monitor faults and events for the entities (managed objects) that apply to them, such as endpoints, EPGs, and application profiles. Tenant users can perform configuration changes and read fault and event logs from the parts of the ACI fabric to which they have access.
The ACI switch operating system includes a role-based access control (RBAC) feature that allows highly specific access for a given role. This RBAC feature scales to a maximum of 64 unique roles and 256 rules per role. The ACI APIs retrieve data directly from the object store. A core APIC internal data access control system provides multitenant isolation and prevents information privacy from being compromised across tenants. Read and write restrictions prevent any tenant from seeing any other tenant’s configuration, statistics, faults, or event data. Unless the administrator assigns permissions to do so, tenants are restricted from reading fabric configuration, policies, statistics, faults, and events.
The APIC implements a two-level solution for access control:
● Traditional role-based control: This control level defines the types of objects that a user is authorized to access. Users are assigned roles (collections of privileges) that govern read-only or read-write access to managed objects in the system. All managed object classes have one or more privileges that are assigned to them.
● Domain-based control: This control level defines the domains in which a user is authorized to access objects.
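The two-level check described above, as an added example that is not APIC code: a simplified Python model in which a request is allowed only when a single grant passes both the domain check and the role check. All role, privilege, class, domain and object names are constructed for illustration, and binding each role to one domain with a read-only or read-write flag is a modelling assumption.

```python
from dataclasses import dataclass

READ, WRITE = "read", "write"

# Constructed sample data (illustrative names, not taken from an APIC).
# Each managed object class carries one or more privileges.
CLASS_PRIVILEGES = {
    "epg": {"priv-epg"},
    "app-profile": {"priv-epg", "priv-app"},
    "fabric-node": {"priv-fabric"},
}
# A role is a collection of privileges.
ROLES = {
    "tenant-operator": {"priv-epg", "priv-app"},
    "fabric-operator": {"priv-fabric"},
}

@dataclass(frozen=True)
class ManagedObject:
    name: str
    cls: str
    domain: str  # domain the object belongs to, e.g. one tenant

@dataclass(frozen=True)
class Grant:
    # Assumption of this model: a role is granted inside one domain,
    # with either read-only (write=False) or read-write (write=True) access.
    domain: str
    role: str
    write: bool

def is_allowed(grants, obj, action):
    """Return True only if one grant passes both control levels."""
    for g in grants:
        if g.domain != obj.domain:
            continue  # domain-based control: object is outside this grant's domain
        if not ROLES[g.role] & CLASS_PRIVILEGES[obj.cls]:
            continue  # role-based control: role shares no privilege with the class
        if action == READ or g.write:
            return True
    return False  # default deny: no grant matched on both levels

# Constructed user: read-write in tenant-a, read-only in tenant-b.
ALICE = [Grant("tenant-a", "tenant-operator", write=True),
         Grant("tenant-b", "tenant-operator", write=False)]
EPG_A = ManagedObject("web", "epg", "tenant-a")
EPG_B = ManagedObject("db", "epg", "tenant-b")
EPG_C = ManagedObject("crm", "epg", "tenant-c")
NODE = ManagedObject("leaf-101", "fabric-node", "fabric")
```

Because the domain and the role are evaluated within the same grant, read-write access in one tenant never carries over to another tenant where the same role is held read-only.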